Bug Description

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/111_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in mod_proxy_http.c
in the mod_proxy module does not limit the number of forwarded
interim responses, which allows remote HTTP servers to cause a
denial of service (memory consumption) via a large number of
interim responses.
+ References
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364

[ Emanuele Gentili ]
* SECURITY UPDATE:
+ debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894)
- The ap_proxy_http_process_response function in mod_proxy_http.c
in the mod_proxy module does not limit the number of forwarded
interim responses, which allows remote HTTP servers to cause a
denial of service (memory consumption) via a large number of
interim responses.
+ References
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364